Android code obfuscation

Source: Internet
Author: User

Android code obfuscation

 

 

1. Role of code obfuscationJava is a cross-platform and interpreted language. Java source code is compiled into a class file. Because of cross-platform requirements, Java bytecode contains a lot of source code information, such as variable names and method names, and these names are used to access variables and methods. These symbols contain a lot of semantic information, it is easy to decompile into Java source code. To prevent this problem, we can use the Java obfuscator to confuse Java bytecode. Obfuscation is performed on released programs. Reorganizing and ProcessingTo make the processed code and the pre-processed code Complete the same functionsAnd the obfuscated code is hard to be DecompilationEven if the decompilation succeeds, it is difficult to obtain the true semantics of the program. The program code that has been obfuscated still follows the original file format and instruction set, and the execution result is the same as before, the obfuscator only changes the names of all variables, functions, and classes in the Code into short letters and codes. In the absence of corresponding function names and program comments, even if they are decompiled, it will be hard to read. At the same time, obfuscation is irreversible. During the obfuscation process, information that does not affect normal operation will be lost permanently. The loss of such information makes the program more difficult to understand. Obfuscators not only protect code, but also Function of streamlining the size of compiled programs. Due to the reduction of variable and function names and the loss of some information described above, the size of the compiled jar file can be reduced by approximately 25%, this makes some sense for the currently expensive wireless network transmission. Region and project. properties file. By default, code obfuscation is not enabled. # proguard. config =$ {sdk. dir}/tools/proguard/proguard-android.txt.
2. obfuscation syntax
-Optimizationpasses 5 # specify the compression level of the code-dontusemixedcaseclassnames # whether to use case-sensitive hybrid-dontskipnonpubliclibraryclasses # Whether to confuse third-party jar-dontpreverify # Whether to perform pre-check-verbose -optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/* # algorithm used for obfuscation-keep public class * extends android. app. activity # keep classes that are not Obfuscated-keep public class * extends android. app. application # keep classes that are not Obfuscated-keep public class * extends android. app. service # Do not confuse classes-keep public class * extends android. content. broadcastReceiver # keep classes that are not Obfuscated-keep public class * extends android. content. contentProvider # Do not confuse classes-keep public class * extends android. app. backup. backupAgentHelper # keep classes that are not Obfuscated-keep public class * extends android. preference. preference # keep classes that are not Obfuscated-keep public class com. android. vending. licensing. ILicensingService # Keep classes not Obfuscated-keepclasseswithmembernames class * {# Keep native METHOD not obfuscated native
 
  
;}-Keepclasseswithmembers class * {# Keep the custom control class public
  
   
(Android. content. Context, android. util. AttributeSet);}-keepclasseswithmembers class * {public
   
    
(Android. content. context, android. util. attributeSet, int); # Do not confuse custom control classes}-keepclassmembers class * extends android. app. activity {# Keep the custom control class from being confused with public void * (android. view. view);}-keepclassmembers enum * {# Keep The enum class from being confused public static ** [] values (); public static ** valueOf (java. lang. string);}-keep class * implements android. OS. parcelable {# Keep Parcelable not to be confused public static final android. OS. parcelable $ Creator *;}-keep class MyClass; # keep the class defined by yourself not confused
   
  
 


3. obfuscated instancesSeveral examples are introduced:
# Specify the code compression level-optimizationpasses 5-dontusemixedcaseclassnames # Whether to confuse third-party jar-dontskipnonpubliclibraryclasses-dontpreverify-keepattributes SourceFile, LineNumberTable-verbose-optimizations! Code/simplification/arithmetic ,! Field /*,! Class/merging/*-libraryjars libs/libammsdk httpmime-4.1.3.jar-libraryjars. jar-libraryjars libs/fastjson-1.1.34.android.jar-libraryjars libs/commons-lang.jar-libraryjars libs/weibosdkcore. jar # webview + js # keep uses webview class-keepclassmembers class com. goldnet. mobile. activity. infoDetailActivity {public *;} # keep uses all internal classes of the webview class-keepclassmembers class com. goldnet. mobile. activity. infoDetailActivity $ * {*;} # keep classes that are not Obfuscated-keep class android. ** {*;}-keep public class * extends android. view-keep public class * extends android. app. activity-keep public class * extends android. app. application-keep public class * extends android. app. service-keep public class * extends android. content. pm-keep public class * extends android. content. broadcastReceiver-keep public class * extends android. content. contentProvider-keep public class * extends android. app. backup. backupAgentHelper-keep public class * extends android. preference. preference-keep public class com. android. vending. licensing. ILicensingService # ACRA specifics # we need line numbers in our stack traces otherwise they are pretty useless-Your SourceFile-keepattributes SourceFile, LineNumberTable # ACRA needs annotations so add this... -keepattributes * Annotation * # Keep native Methods unobfuscated-keepclasseswithmembernames class * {native
 
  
;} # Keep the custom control class unobfuscated-keepclasseswithmembers class * {public
  
   
(Android. content. Context, android. util. AttributeSet);}-keepclasseswithmembers class * {public
   
    
(Android. content. context, android. util. attributeSet, int);}-keepclasseswithmembers class * {void onClick *(...);} -keepclasseswithmembers class * {***** Callback (...);} # keep setters in Views so that animations can still work. # see http://proguard.sourceforge.net/manual/examples.html#beans-keepclassmembers public class * extends android. view. view {void set * (***); *** get * () ;}# keep the custom control class unobfuscated-keepclassmembers class * extends android. app. activity {public void * (android. view. view) ;}# keep the enum class unobfuscated-keepclassmembers enum * {public static ** [] values (); public static ** valueOf (java. lang. string) ;}# keep Parcelable intact-keep class * implements android. OS. parcelable {public static final android. OS. parcelable $ Creator *;}-keepclassmembers class **. r$ * {public static
    
     
;} # Http client-keep class org. apache. http. ** {*;} #-keep class com. tencent. mm. sdk. openapi. WXMediaMessage {*;}-keep class com. tencent. mm. sdk. openapi. ** implements com. tencent. mm. sdk. openapi. WXMediaMessage $ IMediaObject {*;} # fastjson-keep class com. alibaba. fastjson. ** {*;} # all keep javabean-keep class com. goldnet. mobile. entity. ** {*;} # keep generic-keepattributes Signature #-keep public class * implements java. io. serializable {# public *; #}#-keepclassmembers class * implements java. io. serializable {# static final long serialVersionUID; # private static final java. io. objectStreamField [] serialPersistentFields; # private void writeObject (java. io. objectOutputStream); # private void readObject (java. io. objectInputStream); # java. lang. object writeReplace (); # java. lang. object readResolve () ;#}-keep class org. apache. commons. lang. ** {*;} # Sina Weibo-keep class com. sina. ** {* ;}######## other third-party libraries #######-dontwarn org. bouncycastle. **-keep class org. bouncycastle. ** {*;}-dontwarn android-async-http-1.4.4.jar. **-keep class android-async-http-1.4.4.jar. ** {*;}-dontwarn Decoder. **-keep class Decoder. ** {*;} # volley-dontwarn com. android. volley. jar. **-keep class com. android. volley. ** {*;} # actionbarsherlock-dontwarn com. actionbarsherlock. **-keep class com. actionbarsherlock. ** {*;} # slidingmenu-dontwarn com. jeremyfeinstein. slidingmenu. lib. **-keep class com. jeremyfeinstein. slidingmenu. lib. ** {*;}-dontwarn com. cairh. app. sjkh. **-keep class com. cairh. app. sjkh. **{*;}
    
   
  
 


Let's look at another instance.
# To enable ProGuard in your project, edit project.properties# to define the proguard.config property as described in that file.## Add project specific ProGuard rules here.# By default, the flags in this file are appended to flags specified# in ${sdk.dir}/tools/proguard/proguard-android.txt# You can edit the include path and order by changing the ProGuard# include property in project.properties.## For more details, see#   http://developer.android.com/guide/developing/tools/proguard.html# Add any project specific keep options here:# If your project uses WebView with JS, uncomment the following# and specify the fully qualified class name to the JavaScript interface# class:#-keepclassmembers class fqcn.of.javascript.interface.for.webview {#   public *;#}-optimizationpasses 5-dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses-dontpreverify-verbose-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*-keepattributes *Annotation*-keepattributes Signature-libraryjars libs/apns_1.0.6.jar-libraryjars libs/armeabi/libBaiduMapSDK_v2_3_1.so-libraryjars libs/armeabi/liblocSDK4.so-libraryjars libs/baidumapapi_v2_3_1.jar-libraryjars libs/core.jar-libraryjars libs/gesture-imageview.jar-libraryjars libs/gson-2.0.jar-libraryjars libs/infogracesound.jar-libraryjars libs/locSDK_4.0.jar-libraryjars libs/ormlite-android-4.48.jar-libraryjars libs/ormlite-core-4.48.jar-libraryjars libs/universal-image-loader-1.9.0.jar-keep class com.baidu.** { *; }-keep class vi.com.gdi.bgl.android.**{*;}-keep public class * extends android.app.Fragment -keep public class * extends android.app.Activity-keep public class * extends android.app.Application-keep public class * extends android.app.Service-keep public class * extends android.content.BroadcastReceiver-keep public class * extends android.content.ContentProvider-keep public class * extends android.app.backup.BackupAgentHelper-keep public class * extends android.preference.Preference-keep public class * extends android.support.v4.**-keep public class com.android.vending.licensing.ILicensingService-keep class com.google.gson.stream.** { *; }-keep class com.google.gson.examples.android.model.** { *; }-keep class com.uuhelper.Application.** { *; }-keep class net.sourceforge.zbar.** { *; }-keep class com.google.android.gms.** { *; }-keep class com.bank.pingan.model.** { *; }-keep public class * extends com.j256.ormlite.android.apptools.OrmLiteSqliteOpenHelper-keep public class * extends com.j256.ormlite.android.apptools.OpenHelperManager-keep class com.android.vending.licensing.ILicensingService-keep class android.support.v4.** { *; } -keep class org.apache.commons.net.** { *; } -keep class com.tencent.** { *; } -keep class com.umeng.** { *; } -keep class com.umeng.analytics.** { *; } -keep class com.umeng.common.** { *; } -keep class com.umeng.newxp.** { *; } -keep class com.j256.ormlite.** { *; } -keep class com.j256.ormlite.android.** { *; } -keep class com.j256.ormlite.field.** { *; } -keep class com.j256.ormlite.stmt.** { *; }-dontwarn android.support.v4.** -dontwarn org.apache.commons.net.**-dontwarn com.tencent.** -keepclasseswithmembernames class * {    native 
 
  ;}-keepclasseswithmembernames class * {    public 
  
   (android.content.Context, android.util.AttributeSet);}-keepclasseswithmembernames class * {    public 
   
    (android.content.Context, android.util.AttributeSet, int);}-keepclassmembers enum * {    public static **[] values();    public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable {  public static final android.os.Parcelable$Creator *;}-keepclasseswithmembers class * {    public 
    
     (android.content.Context);}-dontshrink-dontoptimize-dontwarn com.google.android.maps.**-dontwarn android.webkit.WebView-dontwarn com.umeng.**-dontwarn com.tencent.weibo.sdk.**-dontwarn com.facebook.**-keep enum com.facebook.**-keepattributes Exceptions,InnerClasses,Signature-keepattributes *Annotation*-keepattributes SourceFile,LineNumberTable-keep public interface com.facebook.**-keep public interface com.tencent.**-keep public interface com.umeng.socialize.**-keep public interface com.umeng.socialize.sensor.**-keep public interface com.umeng.scrshot.**-keep public class com.umeng.socialize.* {*;}-keep public class javax.**-keep public class android.webkit.**-keep class com.facebook.**-keep class com.umeng.scrshot.**-keep public class com.tencent.** {*;}-keep class com.umeng.socialize.sensor.**-keep class com.tencent.mm.sdk.openapi.WXMediaMessage {*;}-keep class com.tencent.mm.sdk.openapi.** implements com.tencent.mm.sdk.openapi.WXMediaMessage$IMediaObject {*;}-keep class im.yixin.sdk.api.YXMessage {*;}-keep class im.yixin.sdk.api.** implements im.yixin.sdk.api.YXMessage$YXMessageData{*;}-keep public class [your_pkg].R$*{    public static final int *;}
    
   
  
 

After the obfuscation file is compiled, the Apk is generated. Note that if you use Run or Build Project/Build All in Eclipse to generate an Apk, the code will not be confused! In Eclipse Package Explorer, select the project root node and find Android Tools in the right-click menu, as shown in. There are two sub-menu items under it: "Export Signed Application Package... "and" Export Unsigned Application Package... ", one is with RSA digital signature, the other is without digital signature, select one as needed, and then follow the wizard, the final generated Apk is obfuscated with the code! To view the effect, you can use a compression program such as 7z (directly use the archive manager in Ubuntu) to open the classes. dex decompress, convert dex2jar to jar format, and use the Java anti-encoding tool to open the file. The obfuscation effect of the Code is displayed.

 

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.